Difference between revisions of "CentOS8 CheatSheet fuer System Administratoren"
		
		
		
		
		
		
		
				
		
		
		
		
		
		
		
	
|  (→Events) | |||
| (37 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | =System= | ||
| + | ==Hardware== | ||
| + | * Show hardware details | ||
| + |  lshw | ||
| + | * show bios hardware details | ||
| + |  dmidecode | ||
| − | = | + | ==Disk/Filesystem== | 
| − | + | * Show block uage of mounted disks | |
| − | + |  df -hP | |
| − |   dnf -y install  | + | |
| − | + | * Show inode uage of mounted disks | |
| − | + |  df -hiP | |
| + | |||
| + | * show how blockdevices are configured in system | ||
| + |  lsblk | ||
| + | |||
| + | * get 10 biggest files in current dir | ||
| + |  du -sm * .[^\.]* | sort -n | tail | ||
| + | |||
| + | * use ncdu to find large files | ||
| + |   dnf -y install epel-release | ||
| + |   dnf config-manager --enable epel | ||
| + |   dnf -y install ncdu | ||
| + |  ncdu -x /  #replace / with needed mountpoint | ||
| + | |||
| + | ==Memory== | ||
| + | * Show memory statistics | ||
| + |  free -th | ||
| + | * Top provides memory information as well | ||
| + |  top | ||
| + | |||
| + | ==CPU== | ||
| + | * show system load (1m, 5m, 15m) | ||
| + |  w | ||
| + | * detailed realtime statictics of procs, memory, swap, io, system, cpu | ||
| + |  vmstat 1 | ||
| + | |||
| + | ==Processes== | ||
| + | * tui process manager | ||
| + |  top | ||
| + | |||
| + | * show processes with tree | ||
| + |  ps -f fax | ||
| + | |||
| + | * detailed process information | ||
| + |  ps  -faxo ruser,ppid,pid,rss,vsz,pcpu,tty,args | ||
| + | |||
| + | ==Network== | ||
| + | * show ip config | ||
| + |  ip a | ||
| + | * show wan ip | ||
| + |  curl ifconfig.me | ||
| + | * confgure network settings | ||
| + |  nmtui | ||
| + | * activate changed network settings | ||
| + |  nmcli connection reload | ||
| + |  nmcli device reapply <nic name> | ||
| + |  # or just reboot the host | ||
| + | |||
| + | ===SUDO: User als admin erstellen=== | ||
| + |  useradd admin | ||
| + |  passwd admin | ||
| + |  id admin | ||
| + |  usermod -a -G wheel admin | ||
| + |  id admin | ||
| + |  su - admin | ||
| + |  # jetzt bist du als admin eingeloggt | ||
| + |  sudo service chronyd restart | ||
| + |  # das geht nur als root user (sudo rechte erteilt) | ||
| + | |||
| + | [[Category:Linux]] | ||
| + | [[Category:ReferenceCards]] | ||
| + | [[Category:Training]] | ||
| =Services= | =Services= | ||
| + | * list all services | ||
| + |  systemctl list-units --type service | ||
| − | *  | + | * List failed services on boot 	 | 
| − | + |   systemctl --failed | |
| − | |||
| − | |||
| − |   systemctl -- | ||
| * show all running services | * show all running services | ||
| Line 19: | Line 85: | ||
| * show detailed service status | * show detailed service status | ||
| − |   systemctl  | + |   systemctl status <svc-name> | 
| − | * service  | + | * most common service handling | 
| − |    systemctl [start|stop|restart|enable|disable|mask] <svc-name> | + |    systemctl [start|stop|restart|status|enable|disable|mask] <svc-name> | 
| * check if service is enabled to autostart after reboot | * check if service is enabled to autostart after reboot | ||
|   systemctl is-enabled <svc-name> |   systemctl is-enabled <svc-name> | ||
| + | |||
| + | =SELinux= | ||
| + | * show SELinux status | ||
| + |  getenforce | ||
| + | * disable SELinux (not persistent) | ||
| + |  setenforce 0 | ||
| + | * change SELinux mode (reboot needed) | ||
| + |  vi /etc/sysconfig/selinux | ||
| + | * show selinux alerts and recomendations | ||
| + |  sealert -a /var/log/audit/audit.log | ||
| + | |||
| + | =Firewalling= | ||
| + | * show firewalling status | ||
| + |  systemctl list-units --runtime | egrep 'firewall|tables' | ||
| + | * show active iptables rules | ||
| + |  iptables-save | ||
| + | * show loaded nftables rules | ||
| + |  nft list ruleset | ||
| + | |||
| + | ==disable firewalling for testing== | ||
| + | * check which kind of firewall is running on the system | ||
| + |  systemctl list-units --runtime | egrep 'firewall|tables' | ||
| + | |||
| + | * temporary disable ALL firewall rules (will reaper after reboot) | ||
| + |  systemctl stop firewalld nftables iptables | ||
| + | |||
| + | * test now if it works | ||
| + | |||
| + | * restart all services that where running before testing (or just reboot) | ||
| + |  systemctl start <svc-name> | ||
| + | |||
| + | [[Category:Linux]] | ||
| + | [[Category:ReferenceCards]] | ||
| + | [[Category:Training]] | ||
| + | |||
| + | =Scheduling= | ||
| + | |||
| + | ==cron (user/system)== | ||
| + | * cron overview | ||
| + |  tail -n +1 /etc/crontab /etc/cron.*/* /var/spool/cron/* | ||
| + | * edit crontab of user | ||
| + |  crontab -e -u root | ||
| + | * show crontab of user | ||
| + |  crontab -l -u bob | ||
| + | |||
| + | =at (one time)= | ||
| + | * create job | ||
| + |  at 22:00 30.12.13 | ||
| + | * list jobs | ||
| + |  atq | ||
| + | * remove job | ||
| + |  atrm <id> | ||
| + | |||
| + | =systemd (user/system)= | ||
| + | * list timers | ||
| + |  systemctl list-units --type timer | ||
| + | * show configuration of timer | ||
| + |  systemctl show <name> | ||
| + | * get timer status | ||
| + |  systemctl status <name> | ||
| + | |||
| + | |||
| + | |||
| + | |||
| =Events= | =Events= | ||
| + | |||
| + | ==Show last boots== | ||
| + |  journalctl --list-boots | ||
| + |  last reboot | ||
| ==Journal== | ==Journal== | ||
| − | *  | + | * Show log since last boot | 
| − |   journalctl - | + |   journalctl -b | 
| − | *  | + | * Kernel messages (like dmesg) | 
| − |   journalctl -- | + |   journalctl -k | 
| + | * Show latest log and wait for changes | ||
| + |  journalctl -f | ||
| + | * Reverse output (newest first) | ||
| + |  journalctl -r | ||
| + | * Show only errors and worse | ||
| + |  journalctl -b -p err | ||
| + | * Filter on time (example) | ||
| + |  journalctl --since=2014-06-00 --until="2014-06-07 12:00:00" | ||
| + | * Since yesterday | ||
| + |  journalctl --since=yesterday | ||
| + | * Show only log of SERVICE | ||
| + |  journalctl -u SERVICE | ||
| + | * Match executable, e.g. dhclient | ||
| + |  journalctl /usr/sbin/dhclient | ||
| + | * Match device node, e.g. /dev/sda | ||
| + |  journalctl /dev/sda | ||
| ==Log Files== | ==Log Files== | ||
| Line 41: | Line 191: | ||
| * tail all files under /var/log | * tail all files under /var/log | ||
|   tail -f -n0 /var/log/* /var/log/*/* |   tail -f -n0 /var/log/* /var/log/*/* | ||
| + | |||
| + | |||
| + | =Software= | ||
| + | install package and deps | ||
| + |  dnf install httpd | ||
| + | |||
| + | remove package and deps | ||
| + |  dnf remove php-mysql | ||
| + | |||
| + | update entire system and deps | ||
| + |  dnf upgrade | ||
| + | |||
| + | update one package without question | ||
| + |  dnf -y update httpd | ||
| + | |||
| + | clean package cache | ||
| + |  dnf clean all | ||
| + | |||
| + | search for name in package-name and description | ||
| + |  dnf search gstream | ||
| + | |||
| + | search for name in package-name | ||
| + |  dnf list '*http*' | ||
| + | |||
| + | search for package which provides this comand | ||
| + |  dnf provides '*fortune' | ||
| + | |||
| + | list all package groups | ||
| + |  dnf grouplist | ||
| + | |||
| + | install package group | ||
| + |  dnf groupinstall XFCE | ||
| + | |||
| + | remove package group | ||
| + |  dnf remove "PostgreSQL Database" | ||
| + | |||
| + | downgrade package | ||
| + |  dnf --showduplicates list samba-common | ||
| + |  dnf downgrade package1 package2 | ||
| + | |||
| + | =Debugging= | ||
| + | ==repeat comand== | ||
| + |  watch df -hP | ||
| + | |||
| + | ==network bandwith monitoring== | ||
| + |  dnf -y install epel-release | ||
| + |  dnf -y install iftop | ||
| + |  iftop | ||
| [[Category:Linux]] | [[Category:Linux]] | ||
| Line 46: | Line 244: | ||
| [[Category:Training]] | [[Category:Training]] | ||
| − | = | + | ==Dstat performance monitoring== | 
| − | + |  dnf -y install pcp-system-tools | |
| − | + |  dstat -af | |
| − | + |  dstat -cdngy | |
| − | + |  dstat -f -M time,cpu,net,disk,sys,swap,page,load,proc,topcpu --output $(date '+%Y.%m.%d-%H.%M')-dstat.csv | |
| − | + |  dstat -cdngymsp --lock --tcp --output $(date '+%Y.%m.%d-%H.%M')-dstat.csv | |
| − | + | ||
| + | ==Enter debug shell (reset root password)== | ||
| + | * Reboot the machine | ||
| + | * When grub kernel selection is showing up, press e | ||
| + | |||
| + | * At the end of the line with beginning linux remove the "rhgb quiet" (on the end) | ||
| + | * At the end of the line with beginning linux add init=/bin/bash | ||
| + | * At the line beginning linux replace the ro with rw | ||
| + | |||
| + | * Press CTRL + x to boot into this settings | ||
| + | * Now system boots into single shell process instead of full linux env | ||
| + | * Now you can reset the password or debug the system | ||
| + | * '''hints:''' | ||
| + |   su - # load full bash config | ||
| + | * change keyboard layout | ||
| + |  loadkeys sg #swiss german | ||
| + |  loadkeys us #forbidden :-) | ||
| + | * network config files | ||
| + |   ls /etc/sysconfig/network-scripts/ifcfg-* | ||
| + | * selinux config (disable/enable) | ||
| + |  vi /etc/sysconfig/selinux | ||
| + | * reset all selinux tags on next boot (relabel) | ||
| + |  touch /.autorelabel | ||
| + | * force filesystem check on next boot | ||
| + |  touch /.forcefsck | ||
| + | * force manual reboot | ||
| + |  sync | ||
| + |   reboot -f | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | ==strace examples (process tracing)== | ||
| + |  strace -ff -e trace=write -e write=1,2 -p SOME_PID | ||
| + |  strace -e open ls | ||
| + |  strace -e trace=open,read ls /home | ||
| + |  strace -o output.txt ls  | ||
| + |  strace -f -p 1725 -o firefox_trace.txt # f: follow process | ||
| + |  strace -t -e open ls /home #timestamp | ||
| + |  strace -c ls /home # statistics | ||
| + |   strace -f -t -e trace=file systemctl restart SuSEfirewall2 2>&1 | grep open | cut -d'"' -f2 | ||
| + | ==SOS Report (Log Bundle)== | ||
| + | This collects a log bundle which can be used for later debugging and analyzing. <br> | ||
| + | Start this BEFORE you try to repair or change something, as well do not forget to snapshot/backup System/Application before debugging. | ||
| + |  dnf -y install sos | ||
| + |  sosreport | ||
| + |  cp -av /var/tmp/sosreport* /root/ | ||
| + | |||
| + | [[Category:Linux]] | ||
| [[Category:ReferenceCards]] | [[Category:ReferenceCards]] | ||
| − | |||
| [[Category:Training]] | [[Category:Training]] | ||
Latest revision as of 15:22, 17 December 2020
Contents
1 System
1.1 Hardware
- Show hardware details
lshw
- show bios hardware details
dmidecode
1.2 Disk/Filesystem
- Show block usage of mounted disks
df -hP
- Show inode usage of mounted disks
df -hiP
- show how blockdevices are configured in system
lsblk
- get 10 biggest files in current dir
du -sm * .[^\.]* | sort -n | tail
- use ncdu to find large files
dnf -y install epel-release
dnf config-manager --enable epel
dnf -y install ncdu
ncdu -x / #replace / with needed mountpoint
1.3 Memory
- Show memory statistics
free -th
- Top provides memory information as well
top
1.4 CPU
- show system load (1m, 5m, 15m)
w
- detailed realtime statistics of procs, memory, swap, io, system, cpu
vmstat 1
1.5 Processes
- tui process manager
top
- show processes with tree
ps -f fax
- detailed process information
ps -faxo ruser,ppid,pid,rss,vsz,pcpu,tty,args
1.6 Network
- show ip config
ip a
- show wan ip (asks an external third-party service over plain HTTP; the answer is not authenticated)
curl ifconfig.me
- configure network settings
nmtui
- activate changed network settings
nmcli connection reload
nmcli device reapply <nic name>
# or just reboot the host
1.6.1 SUDO: User als admin erstellen
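useradd admin
passwd admin
id admin
usermod -a -G wheel admin
id admin
su - admin
# jetzt bist du als admin eingeloggt
sudo service chronyd restart
# das geht nur als root user (sudo rechte erteilt)
# Hinweis: Mitglieder der Gruppe wheel dürfen mit der CentOS-Standardkonfiguration per sudo alles als root ausführen, daher nur vertrauenswürdige Konten aufnehmen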
2 Services
- list all services
systemctl list-units --type service
- List failed services on boot
systemctl --failed
- show all running services
systemctl --all --state=running
- show detailed service status
systemctl status <svc-name>
- most common service handling
systemctl [start|stop|restart|status|enable|disable|mask] <svc-name>
- check if service is enabled to autostart after reboot
systemctl is-enabled <svc-name>
3 SELinux
- show SELinux status
getenforce
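- disable SELinux enforcement (not persistent; this is permissive mode, denials are still logged, and setenforce 1 switches enforcement back on)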
setenforce 0
- change SELinux mode (reboot needed)
vi /etc/sysconfig/selinux
- show selinux alerts and recommendations
sealert -a /var/log/audit/audit.log
4 Firewalling
- show firewalling status
systemctl list-units --runtime | egrep 'firewall|tables'
- show active iptables rules
iptables-save
- show loaded nftables rules
nft list ruleset
4.1 disable firewalling for testing
- check which kind of firewall is running on the system
systemctl list-units --runtime | egrep 'firewall|tables'
- temporarily disable ALL firewall rules (will reappear after reboot); the host is unfiltered until the services are started again
systemctl stop firewalld nftables iptables
- test now if it works
- restart all services that were running before testing (or just reboot)
systemctl start <svc-name>
5 Scheduling
5.1 cron (user/system)
- cron overview
tail -n +1 /etc/crontab /etc/cron.*/* /var/spool/cron/*
- edit crontab of user
crontab -e -u root
- show crontab of user
crontab -l -u bob
6 at (one time)
- create job
at 22:00 30.12.13
- list jobs
atq
- remove job
atrm <id>
7 systemd (user/system)
- list timers
systemctl list-units --type timer
- show configuration of timer
systemctl show <name>
- get timer status
systemctl status <name>
8 Events
8.1 Show last boots
journalctl --list-boots
last reboot
8.2 Journal
- Show log since last boot
journalctl -b
- Kernel messages (like dmesg)
journalctl -k
- Show latest log and wait for changes
journalctl -f
- Reverse output (newest first)
journalctl -r
- Show only errors and worse
journalctl -b -p err
- Filter on time (example)
journalctl --since=2014-06-00 --until="2014-06-07 12:00:00"
- Since yesterday
journalctl --since=yesterday
- Show only log of SERVICE
journalctl -u SERVICE
- Match executable, e.g. dhclient
journalctl /usr/sbin/dhclient
- Match device node, e.g. /dev/sda
journalctl /dev/sda
8.3 Log Files
- tail all currently open text files
lsof -F | sed '/^n\//!d;s/^n//;s/ .*//' | sort -u | xargs file | grep ' text$' | cut -d: -f1 | xargs tail -fn0
- tail all files under /var/log
tail -f -n0 /var/log/* /var/log/*/*
9 Software
install package and deps
dnf install httpd
remove package and deps
dnf remove php-mysql
update entire system and deps
dnf upgrade
update one package without question
dnf -y update httpd
clean package cache
dnf clean all
search for name in package-name and description
dnf search gstream
search for name in package-name
dnf list '*http*'
search for package which provides this command
dnf provides '*fortune'
list all package groups
dnf grouplist
install package group
dnf groupinstall XFCE
remove package group
dnf remove "PostgreSQL Database"
downgrade package
dnf --showduplicates list samba-common
dnf downgrade package1 package2
10 Debugging
10.1 repeat command
watch df -hP
10.2 network bandwidth monitoring
dnf -y install epel-release
dnf -y install iftop
iftop
10.3 Dstat performance monitoring
dnf -y install pcp-system-tools
dstat -af
dstat -cdngy
dstat -f -M time,cpu,net,disk,sys,swap,page,load,proc,topcpu --output $(date '+%Y.%m.%d-%H.%M')-dstat.csv
dstat -cdngymsp --lock --tcp --output $(date '+%Y.%m.%d-%H.%M')-dstat.csv
10.4 Enter debug shell (reset root password)
- Reboot the machine
- When grub kernel selection is showing up, press e
- On the line beginning with linux, remove "rhgb quiet" (at the end of the line)
- At the end of the line beginning with linux, add init=/bin/bash
- On the line beginning with linux, replace ro with rw
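- Press CTRL + x to boot with these settings
- The system now boots into a single root shell instead of the full Linux environment; no password is asked, so anyone with console access can do this unless the GRUB menu is password-protected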
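- Now you can reset the password or debug the system; if SELinux is enabled, create /.autorelabel after changing a password (see the hints below) so the changed files get their labels back on the next boot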
- hints:
su - # load full bash config
- change keyboard layout
loadkeys sg #swiss german
loadkeys us #forbidden :-)
- network config files
ls /etc/sysconfig/network-scripts/ifcfg-*
- selinux config (disable/enable)
vi /etc/sysconfig/selinux
- reset all selinux tags on next boot (relabel)
touch /.autorelabel
- force filesystem check on next boot
touch /.forcefsck
- force manual reboot
sync
reboot -f
10.5 strace examples (process tracing)
strace -ff -e trace=write -e write=1,2 -p SOME_PID
strace -e open ls
strace -e trace=open,read ls /home
strace -o output.txt ls
strace -f -p 1725 -o firefox_trace.txt # f: follow process
strace -t -e open ls /home #timestamp
strace -c ls /home # statistics
strace -f -t -e trace=file systemctl restart SuSEfirewall2 2>&1 | grep open | cut -d'"' -f2
10.6 SOS Report (Log Bundle)
This collects a log bundle which can be used for later debugging and analyzing. 
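Start this BEFORE you try to repair or change anything, and do not forget to snapshot/back up the system/application before debugging. The archive contains configuration and log data from the host, so keep it readable by root only and review it before passing it on.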
dnf -y install sos
sosreport
cp -av /var/tmp/sosreport* /root/

